Hello
I have 2 distant sites, each having a local lan privately addressed and
a linux internet gateway. A pptp vpn is set up between the two gateways.
site A :
lan : 172.16.1.0/24
gw : 172.16.1.254
public : 1.1.1.1
vpn : 192.168.1.1
site B :
lan : 172.17.1.0/24
gw : 172.17.1.254
public : 2.2.2.2
vpn : 192.168.1.2
Routing is set up on both sites so that traffic to public addresses is
nat'ed and sent directly on internet, and traffic to private addresses is
sent over the vpn. This allows a site B client (say 172.17.1.5) to
access a site A server (say 172.16.1.6).
There are ip filters on the servers which only allow 172.16.1.0/24 or
172.17.1.0/24 as valid source addresses. For various reasons I do not
want the vpn private addresses to be used for anything else than vpn
traffic and those filters reject 192.168.0.0/16 source addresses.
The problem is that when one of the linux gateways connects to a remote
private server, it uses its vpn address as source instead of its
private lan address. For example, if I telnet from site B's gateway to
site A server 172.18.1.12, telnet will use 192.168.1.2 as source and the
connection is refused. Obviously this doesn't occur when I telnet from
any other site B machine to that server.
Some tools allow specifying which interface to use on multiple interface
machines, such as ping (with -I) or rsync (with --address), but this is
not the case for all. My question is, what do I have to do to have each
gateway use its private lan address for any traffic with other private
machines on the remote site?
I thought of iptables rules, but I'm afraid they could mess up the vpn
routing.
I also thought of ip policy routing, but it would change the path, not
the source.
Maybe a combination of the 2?
Or something else?
Many thanks in advance for any tip
Thierry
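An added example, not part of the original post, showing the mechanism Linux offers for exactly this: the "src" attribute of a route is the preferred source address for connections the host itself originates over that route, so it changes neither the path nor forwarded traffic. It assumes the ppp interface is named ppp0 and builds the route commands from the addresses in the post; the "ip route get" output lines used for the check are constructed samples.

```shell
#!/bin/sh
# Make each Linux gateway originate its own VPN-bound connections from its
# LAN address instead of its ppp address, using the route "src" hint.
# Assumptions: VPN interface is ppp0; routes are installed with "ip route replace".

# vpn_route_cmd REMOTE_LAN VPN_PEER LAN_ADDR -> route command for one gateway
vpn_route_cmd() {
    printf 'ip route replace %s via %s dev ppp0 src %s\n' "$1" "$2" "$3"
}

# Site A gateway: reach site B's LAN over the VPN, sourcing from 172.16.1.254
site_a_route() { vpn_route_cmd 172.17.1.0/24 192.168.1.2 172.16.1.254; }
# Site B gateway: reach site A's LAN over the VPN, sourcing from 172.17.1.254
site_b_route() { vpn_route_cmd 172.16.1.0/24 192.168.1.1 172.17.1.254; }

# chosen_src "<one line of ip route get output>" -> source address the kernel picked
# Real use on a gateway: chosen_src "$(ip route get 172.16.1.6)"
chosen_src() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# src_is_private_lan ADDR -> 0 if ADDR is one of the two LAN subnets the
# servers' filters accept, 1 otherwise (e.g. a 192.168.0.0/16 VPN address)
src_is_private_lan() {
    case "$1" in
        172.16.1.*|172.17.1.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples of "ip route get 172.16.1.6" on site B's gateway,
# before and after the route carries a src hint.
BEFORE='172.16.1.6 via 192.168.1.1 dev ppp0 src 192.168.1.2 uid 0'
AFTER='172.16.1.6 via 192.168.1.1 dev ppp0 src 172.17.1.254 uid 0'

echo "Route to install on site A gateway: $(site_a_route)"
echo "Route to install on site B gateway: $(site_b_route)"
for line in "$BEFORE" "$AFTER"; do
    s=$(chosen_src "$line")
    if src_is_private_lan "$s"; then
        echo "source $s: accepted by the server filters"
    else
        echo "source $s: rejected by the server filters"
    fi
done
```

The src hint only affects traffic the gateway itself originates and is overridden by programs that bind a source explicitly (ping -I, rsync --address); since pppd reinstalls routes on reconnect, the command belongs in an ip-up script rather than being typed once.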
The problem
I have a corporate lan with a private ip subnet 172.17.1.0/24.
On this corporate lan I have a vpn server with 2 nics, one on the lan
with a private ip 172.17.1.254, one on the internet with a public ip 1.1.1.1
On a remote site, I have a local lan with a private ip subnet 172.16.1.0/24
On this remote lan I have a linux box acting as an internet gateway,
one nic with a private ip 172.16.1.254, one on the internet with a public
ip 2.2.2.2. On this linux box I also have a vpn pptp client going to the
corporate vpn server. The remote interface has the private ip
192.168.1.1 and the corporate side interface has the private ip 192.168.1.2.
Routing is set up on both sides so that traffic to public servers is nat'ed
a linux box with 2 nics acting as an internet router for a local lan.
Basically the lan has a private ip subnet, say 172.16.1.0/24 and the lan
nic a private ip address, say 172.16.1.254
The wan nic goes to a dsl modem and gets a public ip from the isp say
1.1.1.1
There is also a vpn established with a corporate lan
, the second goes to the lan with a fixed private ip, say 172.18.1.1
A pptp vpn is mounted to reach a company lan with